Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connection security property for network components #931

Closed
9 of 14 tasks
aj-stein-gsa opened this issue Nov 22, 2024 · 0 comments · Fixed by #938
Closed
9 of 14 tasks

Connection security property for network components #931

aj-stein-gsa opened this issue Nov 22, 2024 · 0 comments · Fixed by #938
Assignees
@kyhu65867
Labels
enhancement New feature or request model: ssp scope: constraints type: task

Comments

@aj-stein-gsa
Copy link
Contributor

aj-stein-gsa commented Nov 22, 2024
edited by Gabeblis
Loading

Constraint Task

For network components that support leveraged authorizations and interconnections in different scenarios, you need to identify the connection security characteristics for those components.

Intended Outcome

Determine there is a connection-security property for the relevant components.

Syntax Type

This is required core OSCAL syntax.

Allowed Values

There are no relevant allowed values.

Metapath(s) to Content

<!-- Metapath target context -->
//component[ (@type='service'  and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction']) ]

<!-- Constraint requirement: There must be at least one connection security property. -->
count(./prop[@name='connection-security' and @ns='http://fedramp.gov/ns/oscal']) >= 1

Purpose of the OSCAL Content

Allow reviewers to understand how network system components manage risk and conform to FedRAMP requirements and best practices.

Dependencies

No response

Acceptance Criteria

  • All OSCAL adoption content affected by the change in this issue have been updated in accordance with the Documentation Standards.
    • Explanation is present and accurate
    • sample content is present and accurate
    • Metapath is present, accurate, and does not throw a syntax exception using oscal-cli metaschema metapath eval -e "expression".
  • All constraints associated with the review task have been created
  • The appropriate example OSCAL file is updated with content that demonstrates the FedRAMP-compliant OSCAL presentation.
  • The constraint conforms to the FedRAMP Constraint Style Guide.
    • All automated and manual review items that identify non-conformance are addressed; or technical leads (David Waltermire; AJ Stein) have approved the PR and “override” the style guide requirement.
  • Known good test content is created for unit testing.
  • Known bad test content is created for unit testing.
  • Unit testing is configured to run both known good and known bad test content examples.
  • Passing and failing unit tests, and corresponding test vectors in the form of known valid and invalid OSCAL test files, are created or updated for each constraint.
  • A Pull Request (PR) is submitted that fully addresses the goals section of the User Story in the issue.
  • This issue is referenced in the PR.

Other information

These tasks are part of #807 and #808.
@aj-stein-gsa aj-stein-gsa moved this from 🆕 New to 🔖 Ready in FedRAMP Automation Nov 22, 2024
@kyhu65867 kyhu65867 mentioned this issue Nov 25, 2024
Merged
6 tasks
@Gabeblis Gabeblis linked a pull request Nov 26, 2024 that will close this issue
931 Connection Security for Network Component #938
Merged
6 tasks
@aj-stein-gsa aj-stein-gsa mentioned this issue Nov 29, 2024
Merged
@Gabeblis Gabeblis moved this from 🏗 In progress to 👀 In review in FedRAMP Automation Dec 3, 2024
aj-stein-gsa pushed a commit to kyhu65867/fedramp-automation that referenced this issue Dec 3, 2024
@kyhu65867 @aj-stein-gsa
Add connection-security prop constraint for GSA#931
23a5449
aj-stein-gsa pushed a commit to kyhu65867/fedramp-automation that referenced this issue Dec 3, 2024
@kyhu65867 @aj-stein-gsa
Add connection-security prop constraint for GSA#931
72d26f5
wandmagic pushed a commit that referenced this issue Dec 4, 2024
@kyhu65867 @wandmagic
Add connection-security prop constraint for #931
7312686
@Gabeblis Gabeblis moved this from 👀 In review to 🚢 Ready to Ship in FedRAMP Automation Dec 5, 2024
@github-project-automation github-project-automation bot moved this from 🚢 Ready to Ship to ✅ Done in FedRAMP Automation Dec 9, 2024
wandmagic added a commit to wandmagic/fedramp-automation that referenced this issue Dec 11, 2024
@wandmagic
Squashed commit of the following:
d5f6fc4 
commit f010473
Author: wandmagic <156969148+wandmagic@users.noreply.github.com>
Date:   Tue Dec 10 15:08:00 2024 -0500

    re-introduce implemented-requirements constraints (GSA#981)

    * re-introduce implemented-requirements constraints

    * add doc available check for health url

    * fix spacing

    * Update src/validations/constraints/fedramp-external-constraints.xml

    Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov>

    * Update src/validations/constraints/fedramp-external-constraints.xml

    Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov>

    ---------

    Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov>

commit c0ad00e
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Mon Dec 9 17:17:47 2024 -0500

    Adjust link for all profiles (GSA#979)

commit 8561600
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Mon Dec 9 11:27:48 2024 -0500

    Add Components To `information-type-800-60-v2r1` Allowed Values (GSA#973)

    * Add Leveraged Authorizations and External, Interconnected, and Unauthorized Systems components to information-type allowed values

    * Adjust constraint target

commit 788b67e
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Mon Dec 9 09:32:35 2024 -0500

    Fix constraint targets (GSA#974)

commit 9d7946c
Author: A.J. Stein <alexander.stein@gsa.gov>
Date:   Fri Dec 6 17:10:04 2024 -0500

    [chore] Update container image to cli v2.4.0 (GSA#971)

commit b2c9712
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Fri Dec 6 15:26:04 2024 -0500

    Add `used-by-link-references-component` constraint (GSA#972)

    * Add 'used-by-link-references-component' constraint

    * Fix message

    Co-authored-by: Kylie Hunter <kylie.hunter@gsa.gov>

    * fix message

    Co-authored-by: DimitriZhurkin <dimitri.zhurkin@noblis.org>

    ---------

    Co-authored-by: Kylie Hunter <kylie.hunter@gsa.gov>
    Co-authored-by: DimitriZhurkin <dimitri.zhurkin@noblis.org>

commit 3dac668
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Fri Dec 6 13:43:16 2024 -0500

    Add `component-has-used-by-link` constraint (GSA#970)

    * Add constraint 'protocol-has-used-by-link'

    * Fix message

    * Change constraint id

    * Fix message (last time)

    * Update src/validations/constraints/content/ssp-component-has-used-by-link-INVALID.xml

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    ---------

    Co-authored-by: A.J. Stein <aj@gsa.gov>

commit c3db2b2
Author: DimitriZhurkin <dimitri.zhurkin@noblis.org>
Date:   Thu Dec 5 13:07:39 2024 -0700

    Add inter-boundary-component-has-direction constraint (GSA#930) (GSA#968)

commit 5d6710f
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Thu Dec 5 13:32:28 2024 -0500

    Fix dev-constraint.js bug (GSA#967)

commit a7f9022
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Thu Dec 5 13:23:21 2024 -0500

    Add exists() to tests and remove duplicate constraint and fix system-implementation context (GSA#966)

    Remove duplicate constraint and fix system-implementation context

commit 780b38a
Author: wandmagic <156969148+wandmagic@users.noreply.github.com>
Date:   Thu Dec 5 12:50:29 2024 -0500

    Hotfix/deprecate all valid (GSA#960)

    * deprecate ssp-all-valid

    * Update src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    * Update src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    * Update src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    * Update src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    * Update fedramp-ssp-example.oscal.xml

    ---------

    Co-authored-by: A.J. Stein <aj@gsa.gov>

commit 2c0e4de
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Thu Dec 5 10:21:00 2024 -0500

    Change cia-has-selected test (GSA#965)

commit 9a8e155
Author: wandmagic <156969148+wandmagic@users.noreply.github.com>
Date:   Wed Dec 4 15:30:29 2024 -0500

    Update fedramp-ssp-example.oscal.xml (GSA#959)

commit 5f7ce81
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 23:38:31 2024 +0000

    change example ssp location

commit 56f399e
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 23:23:59 2024 +0000

    Edit content to make constraints pass

commit d521a22
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 19:12:01 2024 +0000

    Delete extra ssp

commit 8cfb601
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 17:39:38 2024 +0000

    Add example ssp to content file and edit constraint script to point yaml pass file to example ssp

commit ff8f812
Author: ~ . ~ <paul.n.wand@gsa.gov>
Date:   Tue Dec 3 13:50:22 2024 -0500

    fix ssp to pass tests

commit 85ec424
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 17:17:18 2024 +0000

    Add example ssp to content file and edit constraint script to point yaml pass file to example ssp

commit 7312686
Author: Kylie Hunter <kylie.hunter@gsa.gov>
Date:   Mon Nov 25 16:15:01 2024 -0700

    Add connection-security prop constraint for GSA#931

commit 6ccb539
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 16:39:47 2024 -0500

    Add `issue-893` Constraints (GSA#949)

    * Add component-has-non-provider-responsible-role and tests

    * Add constraints and tests

    * Edit message

commit dd3be5f
Author: wandmagic <156969148+wandmagic@users.noreply.github.com>
Date:   Tue Dec 3 16:39:32 2024 -0500

    remove rev4 constraints (GSA#954)

commit 113c4f5
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 15:42:43 2024 -0500

    Fix Bug Issue GSA#940 (GSA#951)

commit c6f8e8f
Author: wandmagic <156969148+wandmagic@users.noreply.github.com>
Date:   Tue Dec 3 13:08:35 2024 -0500

    implementation point constraint (GSA#936)

    * implementation point constraint

    * add help uri

    * improve constraint

    * add extra fail content

    * Update src/validations/constraints/content/ssp-all-VALID.xml

    Co-authored-by: DimitriZhurkin <dimitri.zhurkin@noblis.org>

    * Update fedramp-external-constraints.xml

    Co-authored-by: Rene Tshiteya <rene-claude.tshiteya@gsa.gov>

    * implementation point constraint

    * add help uri

    * improve constraint

    * add extra fail content

    * Update src/validations/constraints/content/ssp-all-VALID.xml

    Co-authored-by: DimitriZhurkin <dimitri.zhurkin@noblis.org>

    * Update fedramp-external-constraints.xml

    Co-authored-by: Rene Tshiteya <rene-claude.tshiteya@gsa.gov>

    * add needed props to all valid

    * rebase

    Co-Authored-By: A.J. Stein <aj@gsa.gov>

    * Update src/validations/constraints/fedramp-external-constraints.xml

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    ---------

    Co-authored-by: DimitriZhurkin <dimitri.zhurkin@noblis.org>
    Co-authored-by: Rene Tshiteya <rene-claude.tshiteya@gsa.gov>
    Co-authored-by: A.J. Stein <aj@gsa.gov>

commit 1377478
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Tue Dec 3 08:57:37 2024 -0500

    Add `component-responsible-role-references-party` constraint (GSA#945)

    * Add constraint 'component-responsible-role-references-party' and tests

    * correct test

    * Rename constraint and adjust help-url

    * Edit message

    Co-authored-by: A.J. Stein <aj@gsa.gov>

    ---------

    Co-authored-by: A.J. Stein <aj@gsa.gov>

commit a8461fb
Author: ~ . ~ <paul.n.wand@gsa.gov>
Date:   Mon Dec 2 11:09:13 2024 -0500

    pin server + update oscal-js version

commit b82c417
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Mon Dec 2 14:07:05 2024 -0500

    Add `leveraged-authorization-has-valid-impact-level` Constraint (GSA#913)

    * Add leveraged-authorization constraint

    * rename constraint

    * fix constraint test

    * correct constraint test

    * Change 'http' to 'https'

    * Add level

commit 1db5f97
Author: Gabeblis <gabriel.rodriguez@gsa.gov>
Date:   Mon Dec 2 13:13:17 2024 -0500

    Constraints/cleanup constraints file (GSA#946)

    * clean up fedramp-external-constraints.xml

    * fix

    * Add message to fully-operational-date-type
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kyhu65867 kyhu65867

Labels
enhancement New feature or request model: ssp scope: constraints type: task
Projects
FedRAMP Automation
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

931 Connection Security for Network Component kyhu65867/fedramp-automation
2 participants
@aj-stein-gsa @kyhu65867